(54) Abstract Title 

Method and apparatus for encrypting data 

(57) A method for encrypting data 15 comprising: deriving a public key using a first data set that defines an instruction or term of an agreement; encrypting a second data set with the derived public key to produce a third data set; providing the encrypted third data set to a recipient 16; and providing the public key to a third party, e.g. a trusted authority 17, such that on satisfaction of the instruction or term of the agreement the third party provides or releases an associated private key to the recipient to allow decryption of the encrypted second data set. Satisfaction of the term of an agreement could comprise reaching a specified date or making a payment.
METHOD AND APPARATUS FOR ENCRYPTING DATA 

The present invention relates to a method and system for encrypting data.

Escrow and PKI encryption are two techniques that have been utilised to allow information to be removed from the control of the information owner while still preventing other parties having access to the information until a predetermined condition has been met.

Two common examples where these techniques have been used are sealed bids and music distribution. Sealed bids require that all bids are submitted by a specified date, where the originator of the bid needs to be satisfied that their bid is not disclosed before the specified date. Music distributors may wish to publish their music on a public database, where the music distributor needs to be satisfied that the intended user of the music cannot listen to the music until they have paid for the use of the music. However, the setting up and use of escrow and PKI encryption can be complex.

It is desirable to improve this situation. 

In accordance with a first aspect of the present invention there is provided a method for encrypting data comprising deriving a public key using a first data set that defines an instruction and a second data set associated with the third party; encrypting a third data set with the public key; providing the encrypted third data set to a recipient; providing the public key to the third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted third data set.
In accordance with a second aspect of the present invention there is provided a method for encrypting data comprising deriving a public key using a first data set that defines a term of an agreement and a second data set associated with a third party; encrypting a third data set with the public key; providing the encrypted third data set to a recipient; providing the public key to the third party such that on satisfaction of the term of the agreement the third party provides an associated private key to the recipient to allow decryption of the encrypted third data set.

Preferably a term of the agreement that needs to be satisfied is that the private key should not be released to the recipient until a specified date.

Preferably a term of the agreement that needs to be satisfied to allow release 
of the private key to the recipient is the making of a payment. 


Most preferably the encrypted third data set includes a nonce. 

In accordance with a third aspect of the present invention there is provided a computer system for encrypting data comprising a first computer entity for deriving a public key using a first data set that defines a term of an agreement and a second data set associated with a third party and encrypting a third data set with the public key; communication means for providing the encrypted data to a second computer entity and the public key to a third computer entity; wherein the third computer entity is arranged, on satisfaction of the term of the agreement, to provide an associated private key to the second computer entity to allow decryption of the encrypted third data set.

In accordance with a fourth aspect of the present invention there is provided a computer system for encrypting data comprising a first computer node for deriving a public key using a first data set that defines an instruction and a second data set associated with the third party and encrypting a third data set with the public key; communication means for providing the encrypted data to a second computer node and the public key to a third computer node; wherein the third computer node is arranged, on satisfaction of the instruction to the third party, to provide an associated private key to the second computer node to allow decryption of the encrypted third data set.


In accordance with a fifth aspect of the present invention there is provided a 
computer apparatus for encrypting data comprising a processor for deriving a 
public key using a first data set that defines a term of an agreement and 
encrypting a second data set with the public key. 


In accordance with a sixth aspect of the present invention there is provided a 
computer apparatus for encrypting data comprising a processor for deriving a 
public key using a first data set that defines an instruction and encrypting a 
second data set with the public key. 


For a better understanding of the present invention and to understand how 
the same may be brought into effect reference will now be made, by way of 
example only, to the accompanying drawings, in which:- 

Figure 1 illustrates a computer system according to an embodiment of the present invention;

Figure 2 illustrates a computer system arranged to support a sealed bid 
according to an embodiment of the present invention; 


Figure 3 illustrates a computer system arranged to support a music 
distribution system according to an embodiment of the present invention. 

The present invention addresses the issue of controlling access to data, where the owner/originator of the relevant data wishes to place conditions on the access to the data. This is achieved by using a public key to encrypt the data, where the public key itself stipulates the conditions under which access should be granted.


Figure 1 illustrates a computer system 10 according to an embodiment of the present invention. Computer system 10 includes a first computer entity 11, a second computer entity 12 and a third computer entity 13. Typically the three computer entities would be configured on separate computer platforms; however, the computer entities 11, 12, 13 could be configured on a single computer platform. For the purposes of this embodiment the three computer entities 11, 12, 13 are coupled via the internet 14.

Associated with the first computer entity 11 is a user 14 having data 15, for example a document, that they wish to make available, under certain conditions, to a third party. Associated with the second computer entity 12 is the intended recipient 16 of the data (i.e. the third party). Associated with the third computer entity 13 is a trust authority 17 (i.e. an authority that can be trusted by the user) for determining whether the conditions required for access to the data 15 and stipulated by the user 14 have been met. Additionally, the trust authority 17 makes publicly available the trust authority's public data 18, as described below. As would be appreciated by a person skilled in the art, the trust authority's public data 18 can be made available in a variety of ways, for example via a web site.

Having selected the trust authority 17 as the appropriate trust authority for the intended purpose, the user obtains the trust authority's public data 18; typically the user will have a selection of trust authorities from which to choose the one most appropriate.

The user 14 defines, as a string, the terms and conditions for allowing access to the data. This string (i.e. the public encryption key), or typically a digital representation of it, is then used to encrypt the user's data 15 (i.e. the data the user 14 wishes to control access to), as described below.
The user's terms and conditions can be expressed in any suitable language, for example XML, where the following example illustrates the use of XML to encapsulate possible terms and conditions:

<termsAndConditions nonce="12345">
  <or>
    <dateAfter value="01/01/02"/>
    <and>
      <amount value="12.52UKP" account="xyz"/>
      <or>
        <RequiredName name="NAME"/>
        <RequiredRole name="Manager"/>
      </or>
    </and>
  </or>
</termsAndConditions>



The 'dateAfter' element instructs the trust authority not to release the associated private key to the recipient until after 01/01/02. The 'amount' element requires that 12.52UKP be paid into the account 'xyz' by the recipient 16 before the trust authority releases the associated private key to the recipient 16. The 'and' and 'or' elements combine such conditions.

The trust authority's public data 18 includes a hash function # and a value N that is the product of two random prime numbers p and q, where the values of p and q are known only to the trust authority 17.

The hash function # takes a string and returns a value in the range 0 to N-1. Additionally, the output of # must satisfy the Jacobi condition $\mathrm{jacobi}(\#, N) = 1$. Because N is composite, this does not by itself mean that $x^2 \equiv \# \pmod N$ has a solution: the Jacobi symbol is 1 both when # is a quadratic residue modulo both p and q (a square root x exists) and when # is a non-residue modulo both (no square root of # exists, but, for the p and q chosen below, a square root of $-\#$ does); it is -1 when # is a residue modulo exactly one of the two primes, and such values are not used.

The values of p and q should ideally be in the range $2^{511}$ to $2^{512}$ and should both satisfy $p \equiv q \equiv 3 \pmod 4$. However, p and q must not have the same value.


To encrypt each bit M of the user's data 15, the user 14 generates random numbers $t_+$ (integers in the range $[0, 2N)$) until a value of $t_+$ is found that satisfies $\mathrm{jacobi}(t_+, N) = M$, where M represents the individual binary digits 0 and 1 of the user's data 15 as -1 and 1 respectively. The user 14 then computes:

$s_+ = \left(t_+ + \#(\mathrm{publickeystring}) / t_+\right) \bmod N$

for each bit M, where $s_+$ is the encrypted form of M and $1/t_+$ denotes the inverse of $t_+$ modulo N (which exists because $\mathrm{jacobi}(t_+, N) \neq 0$).

In case $\#(\mathrm{publickeystring})$ is a non-square modulo N, the user 14 additionally generates random numbers $t_-$ (integers in the range $[0, 2N)$) until one is found that satisfies $\mathrm{jacobi}(t_-, N) = M$. The user 14 then computes:

$s_- = \left(t_- - \#(\mathrm{publickeystring}) / t_-\right) \bmod N$

for each bit M. Since the user 14 cannot determine whether $\#(\mathrm{publickeystring})$ is a square modulo N without knowing p and q, both $s_+$ and $s_-$ are produced and sent for every bit.

The encrypted data, together with the identity of the trust authority 17 and the public key, are made available to the intended recipient 16 by any suitable means, for example via e-mail or by being placed in an electronic public area.

The public key, together with the identity of the intended recipient 16, is also made available to the trust authority 17 by any suitable means. Consequently, the trust authority 17 is able to determine the terms and conditions that need to be satisfied to allow the trust authority 17 to issue the intended recipient 16 with the associated private key.

The trust authority 17 determines the associated private key B by solving the equation:

$B^2 \equiv \#(\mathrm{publickeystring}) \pmod N$

If no such B exists, then there is instead a value of B satisfying:

$B^2 \equiv -\#(\mathrm{publickeystring}) \pmod N$

As N is the product of two prime numbers p and q, it would be extremely difficult for anyone to calculate the private key B with only knowledge of the public key string and N. However, as the trust authority 17 knows p and q, it is relatively straightforward for it to calculate B: the square roots are taken modulo p and modulo q separately and combined using the Chinese remainder theorem.


Any change to the public key will result in a private key that will not decrypt the document 15 correctly. Therefore, the intended recipient 16 cannot alter the public key before it is supplied to the trust authority 17, and therefore cannot alter the relevant terms and conditions that apply to the release of the private key.

On receipt of the public key, the trust authority 17 checks whether the relevant terms and conditions have been met. When the trust authority 17 is satisfied that the terms and conditions have been met, it supplies the recipient 16 with the private key B together with an indication of whether B is a square root of $+\#(\mathrm{publickeystring})$ or of $-\#(\mathrm{publickeystring})$ modulo N (the positive and negative cases respectively).
In the positive case ($B^2 \equiv \#(\mathrm{publickeystring}) \pmod N$), each bit M of the user's data can be recovered using:

$M = \mathrm{jacobi}(s_+ + 2B, N)$

This works because $s_+ + 2B \equiv (t_+ + B)^2 / t_+ \pmod N$, whose Jacobi symbol equals that of $t_+$, which was chosen to be M.

In the negative case ($B^2 \equiv -\#(\mathrm{publickeystring}) \pmod N$), each bit M of the user's data can be recovered using:

$M = \mathrm{jacobi}(s_- + 2B, N)$

The recipient 16 then uses the appropriate equation above, in conjunction with the private key, to decrypt the message.

The recipient 16 may choose to cache the private key to decrypt the message 15 at a later date.

To prevent the reuse of the private key, a nonce, i.e. a random number, can be incorporated into the terms and conditions. This ensures that the public key is unique, thereby ensuring that the corresponding private key will also be unique.
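The following is an added worked example of the procedure just described, written for this page and not taken from the patent: the trust authority's key generation with p and q both congruent to 3 mod 4, the hash # onto values with Jacobi symbol 1, bit-by-bit encryption producing the pair (s+, s-), private key extraction as a square root of +# or -# modulo N, and decryption via the Jacobi symbol. The 32-bit primes (toy-sized and not secure), the SHA-256-with-counter construction of #, the function names and the sample terms string and bid are assumptions made for the example.

```python
# Added worked example, not part of the patent: a toy implementation of the scheme described
# above. The trust authority keeps p and q (both = 3 mod 4) and publishes N = p*q and the hash
# "#"; the user encrypts each bit of the data under #(terms string); the trust authority later
# extracts the private key B as a square root of +# or -# modulo N. The 32-bit primes (toy-sized,
# not secure), the SHA-256-with-counter construction of "#", and the terms strings are
# assumptions chosen for this example.
import hashlib
import random

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0: returns 1, -1, or 0 when gcd(a, n) > 1."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:           # pull out factors of 2 using (2/n)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                 # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def is_prime(n):
    """Trial division; adequate for the toy-sized primes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, int(n ** 0.5) + 1, 2))

def trust_authority_setup(bits, rng):
    """Returns (public N, secret (p, q)) with distinct primes p, q = 3 mod 4, as the text requires."""
    primes = []
    while len(primes) < 2:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 3      # top bit set and c = 3 mod 4
        if c not in primes and is_prime(c):
            primes.append(c)
    p, q = primes
    return p * q, (p, q)

def hash_to_jacobi_one(public_key_string, N):
    """The '#' of the text: maps the terms string to a in [1, N) with jacobi(a, N) == 1,
    by hashing a counter-prefixed copy of the string until the condition holds."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{counter}:{public_key_string}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:       # also guarantees gcd(a, N) == 1
            return a
        counter += 1

def encrypt(data, public_key_string, N, rng):
    """Each bit M (0 -> -1, 1 -> +1) becomes the pair (s+, s-) of the text; both are sent
    because the user cannot tell whether #(...) is a square modulo N."""
    a = hash_to_jacobi_one(public_key_string, N)
    ciphertext = []
    for byte in data:
        for i in range(7, -1, -1):
            m = 1 if (byte >> i) & 1 else -1
            pair = []
            for sign in (1, -1):
                t = rng.randrange(1, N)
                while jacobi(t, N) != m:        # jacobi == +-1 also makes t invertible
                    t = rng.randrange(1, N)
                pair.append((t + sign * a * pow(t, -1, N)) % N)
            ciphertext.append(tuple(pair))
    return ciphertext

def extract_private_key(public_key_string, p, q):
    """Trust authority step: (B, +1) with B^2 = a, or (B, -1) with B^2 = -a (mod N).
    Exactly one case applies because jacobi(a, N) == 1 and p, q = 3 mod 4."""
    N = p * q
    a = hash_to_jacobi_one(public_key_string, N)
    for sign in (1, -1):
        target = (sign * a) % N
        roots = [pow(target, (prime + 1) // 4, prime) for prime in (p, q)]   # roots iff QR mod prime
        if all(r * r % prime == target % prime for r, prime in zip(roots, (p, q))):
            rp, rq = roots
            return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % N, sign   # CRT
    raise ValueError("unreachable for a valid #: one of a, -a is always a square mod N")

def decrypt(ciphertext, private_key, N):
    """Recipient step: M = jacobi(s+ + 2B, N) in the positive case, jacobi(s- + 2B, N) otherwise."""
    B, sign = private_key
    bits = [jacobi((s_plus if sign == 1 else s_minus) + 2 * B, N) for s_plus, s_minus in ciphertext]
    bitstring = "".join("1" if m == 1 else "0" for m in bits)
    return int(bitstring or "0", 2).to_bytes(len(bits) // 8, "big")

def demo(seed=1):
    """Encrypts a constructed bid, then decrypts with the genuine key and with the key the
    trust authority would derive for a tampered release date. Returns (genuine, tampered, original)."""
    rng = random.Random(seed)
    N, (p, q) = trust_authority_setup(32, rng)
    terms = '<termsAndConditions nonce="12345"><dateAfter value="01/01/02"/></termsAndConditions>'
    bid = b"Bid: 1250 UKP"                                   # constructed sample plaintext
    ct = encrypt(bid, terms, N, rng)
    genuine = extract_private_key(terms, p, q)
    tampered = extract_private_key(terms.replace("01/01/02", "01/01/01"), p, q)
    return decrypt(ct, genuine, N), decrypt(ct, tampered, N), bid
```

Two properties of the scheme are visible in the example. Each plaintext bit costs two residues modulo N, so ciphertexts are large relative to the data; and because the trust authority holds p and q it can derive the private key for any terms string, so it can read any document encrypted under this scheme, which is inherent to the design rather than a defect of the example.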

Figure 2 illustrates the use of the present invention for the purposes of a sealed bid arrangement, where bidder 21 provides authorisation for the tender manager 22 to read the contents of the bidder's sealed bid 24 after a given date, for example once all bids have been received.






The bidder defines a set of terms and conditions using a suitable language, 
for example XML. The terms and conditions would include a date after which 
the bid details could be decrypted. For example: 
<termsAndConditions nonce="1234">
  <and>
    <AccessorName name="NAME"/>
    <OpenAfter date="09:00 11/05/01"/>
  </and>
</termsAndConditions>

This string would be used as the public key to encrypt the document, in conjunction with the appropriate trust authority's 23 public details 25. The public key and the encrypted document would then be made available to the tender manager 22 by any suitable means.

In order for the tender manager 22 to obtain the respective private key the 
tender manager 22 sends the public key to the appropriate trust authority 23. 

The trust authority 23 would check that the requestor is the named tender manager and that the current date is after 09:00 11/05/01. Only when these conditions have been satisfied would the trust authority 23 release the private key, derived in accordance with the principles described above. The nonce is included to ensure that the trust authority 23 will not have seen a public key identical to this in the past, and hence is not able to reuse an existing private key.

This embodiment only refers to a single trust authority; however, each bidder might choose a trust authority of their own choosing. The tender manager would then have to go to the appropriate trust authority to obtain the private key.

The language used to define the terms and conditions would be selected to 
allow expression of a variety of terms and conditions. 


Figure 3 illustrates the use of the present invention for the purposes of enabling electronic distribution of music, where a music provider 31 provides authorisation for a recipient 32 to listen to the music after a specified payment has been made.

The prospective recipient 32 would retrieve the encrypted music, together with the public key used to encrypt the music 35 and the name of the appropriate trust authority 33. The encrypted music could be accessed, for example, via a public electronic database (not shown).

The public key might have the format:

<termsAndConditions nonce="1245">
  <Amount value="12.45UKP" account="xyz"/>
</termsAndConditions>

That is to say, the private key should only be released after the recipient 32 has paid a specified sum of money into a specified bank account 34.
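The three XML terms-and-conditions strings on this page (the general example with dateAfter, amount, RequiredName and RequiredRole; the sealed bid with AccessorName and OpenAfter; and the music example with Amount) all have to be evaluated by the trust authority before it releases a private key. The following is an added example of such an evaluator, written for this page and not taken from the patent. The element names are the page's; their precise semantics, the dd/mm/yy date order (assumed from the UK currency), the amount syntax, the Request fields and the function names are assumptions made here. The string passed in must be the exact string that was hashed into the public key, since re-serialising the XML would change #(publickeystring) and hence the private key; in a deployment the parser should also be hardened against hostile XML (for example with defusedxml) because the string arrives from the party requesting the key.

```python
# Added example, not part of the patent: how the trust authority could evaluate the XML
# terms-and-conditions strings shown on this page before releasing a private key. The element
# names come from the page's three examples; their precise semantics, the dd/mm/yy date order
# (assumed from the UK currency), the amount syntax and the request fields are assumptions made
# here. The string evaluated must be the exact string that was hashed into the public key:
# re-serialising the XML would change #(publickeystring) and hence the private key.
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from datetime import datetime
from decimal import Decimal

DATE_FORMATS = ("%H:%M %d/%m/%y", "%d/%m/%y")               # "09:00 11/05/01" and "01/01/02"
AMOUNT_RE = re.compile(r"^(\d+(?:\.\d{1,2})?)([A-Z]{3})$")   # e.g. "12.52UKP"


@dataclass(frozen=True)
class Payment:
    amount: Decimal
    currency: str
    account: str


@dataclass
class Request:
    """What the trust authority knows about the party asking for the private key."""
    requester_name: str
    roles: frozenset = frozenset()
    now: datetime = field(default_factory=datetime.now)
    payments: tuple = ()


def parse_when(text):
    """Parses the page's two date spellings; anything else is rejected."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised date {text!r}")


def parse_amount(text):
    """'12.52UKP' -> (Decimal('12.52'), 'UKP')."""
    match = AMOUNT_RE.match(text or "")
    if not match:
        raise ValueError(f"unrecognised amount {text!r}")
    return Decimal(match.group(1)), match.group(2)


def evaluate(node, req):
    """Recursively evaluates one condition element. Unknown or empty elements raise, so the
    trust authority fails closed rather than releasing a key on terms it does not understand."""
    tag = node.tag
    if tag in ("and", "or"):
        if len(node) == 0:
            raise ValueError(f"<{tag}> without conditions")
        combine = all if tag == "and" else any
        return combine(evaluate(child, req) for child in node)
    if tag in ("dateAfter", "OpenAfter"):
        return req.now > parse_when(node.get("value") or node.get("date") or "")
    if tag in ("amount", "Amount"):
        value, currency = parse_amount(node.get("value"))
        return any(p.account == node.get("account") and p.currency == currency and p.amount >= value
                   for p in req.payments)
    if tag in ("RequiredName", "AccessorName"):
        return req.requester_name == node.get("name")
    if tag == "RequiredRole":
        return node.get("name") in req.roles
    raise ValueError(f"unknown condition <{tag}>")


def release_allowed(public_key_string, req):
    """True only if the terms encoded in the public key string are satisfied for this request."""
    root = ET.fromstring(public_key_string)
    if root.tag != "termsAndConditions" or not root.get("nonce") or len(root) != 1:
        raise ValueError("expected <termsAndConditions nonce=...> holding exactly one condition")
    return evaluate(root[0], req)


def demo():
    """Runs the page's three example strings against constructed requests."""
    terms1 = ('<termsAndConditions nonce="12345"><or><dateAfter value="01/01/02"/>'
              '<and><amount value="12.52UKP" account="xyz"/><or><RequiredName name="NAME"/>'
              '<RequiredRole name="Manager"/></or></and></or></termsAndConditions>')
    terms2 = ('<termsAndConditions nonce="1234"><and><AccessorName name="NAME"/>'
              '<OpenAfter date="09:00 11/05/01"/></and></termsAndConditions>')
    terms3 = '<termsAndConditions nonce="1245"><Amount value="12.45UKP" account="xyz"/></termsAndConditions>'
    paid = (Payment(Decimal("12.52"), "UKP", "xyz"),)            # constructed payment record
    june_2001 = datetime(2001, 6, 1, 12, 0)
    return {
        "manager_paid_early": release_allowed(terms1, Request("alice", frozenset({"Manager"}), june_2001, paid)),
        "unpaid_early": release_allowed(terms1, Request("alice", frozenset({"Manager"}), june_2001)),
        "unpaid_after_date": release_allowed(terms1, Request("anyone", now=datetime(2002, 1, 2))),
        "bid_before_opening": release_allowed(terms2, Request("NAME", now=datetime(2001, 5, 11, 8, 59))),
        "bid_after_opening": release_allowed(terms2, Request("NAME", now=datetime(2001, 5, 11, 9, 1))),
        "wrong_tender_manager": release_allowed(terms2, Request("MALLORY", now=datetime(2001, 5, 11, 9, 1))),
        "music_paid": release_allowed(terms3, Request("bob", payments=paid)),
    }
```

The evaluator deliberately raises on any element it does not recognise and on empty and/or groups, so that a terms string the authority cannot interpret never results in a released key.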

In order for the music to be played it must be decrypted, which requires providing the public key to the appropriate trust authority 33, who can then determine what conditions have to be satisfied to allow release of the appropriate private key.

Any attempt on the part of the recipient to modify the terms and conditions 
would result in a public key that does not decrypt the music. 

CLAIMS 



1. A method for encrypting data comprising deriving a public key using a first data set that defines an instruction; encrypting a second data set with the public key; providing the encrypted second data set to a recipient; providing the public key to a third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted second data set.

2. A method for encrypting data comprising deriving a public key using a first data set that defines a term of an agreement; encrypting a second data set with the public key; providing the encrypted second data set to a recipient; providing the public key to a third party such that on satisfaction of the term of the agreement the third party provides an associated private key to the recipient to allow decryption of the encrypted second data set.

3. A method according to claim 2, wherein a term of the agreement that needs to be satisfied is that the private key should not be released to the recipient until a specified date.

4. A method according to claim 2 or 3, wherein a term of the agreement 
that needs to be satisfied to allow release of the private key to the 
recipient is the making of a payment. 






5. A method according to any preceding claim, wherein the second data 
set includes a nonce. 






6. A method for encrypting data substantially as hereinbefore described with reference to the figures.
7. A computer system for encrypting data comprising a first computer entity for deriving a public key using a first data set that defines a term of an agreement and encrypting a second data set with the public key; communication means for providing the encrypted data to a second computer entity and the public key to a third computer entity; wherein the third computer entity is arranged, on satisfaction of the term of the agreement, to provide an associated private key to the second computer entity to allow decryption of the encrypted second data set.

8. A computer system for encrypting data comprising a first computer node for deriving a public key using a first data set that defines an instruction and encrypting a second data set with the public key; communication means for providing the encrypted data to a second computer node and the public key to a third computer node; wherein the third computer node is arranged, on satisfaction of the instruction to the third party, to provide an associated private key to the second computer node to allow decryption of the encrypted second data set.

9. A computer system for encrypting data substantially as hereinbefore described with reference to the figures.

10. A computer apparatus for encrypting data comprising a processor for 
deriving a public key using a first data set that defines a term of an 
agreement and encrypting a second data set with the public key. 






11. A computer apparatus for encrypting data comprising a processor for 
deriving a public key using a first data set that defines an instruction 
and encrypting a second data set with the public key. 






12. A computer apparatus for encrypting data substantially as hereinbefore 
described with reference to the figures. 